just noticed that since the release of WhatsApp version 2.8.2-5222 (iPhone) I'm no longer able to read my sniffed messages. Probably they added some kind of encryption or at least compression to the raw data. Does anyone have further informations?
asked 02 Aug '12, 07:53
If whatsapp network traffic is now encrypted, no worries.
If you have physical access to the device, just take the SD Card out and look in /whatsapp directory.
Specifically the /whatsapp/Databases directory there are 6 msgstore-YYYY-MM-DD.1.db.crypt backups and the current msgstore.db.crypt.
Best route to recover the messages is to (As the help application help file says) - Extract the entire /whatsapp directory into a separate device. - Install what's app on the other device then import them.
Android doesn't seem to act differently when you take the SD card out and the contents aren't encrypted. (Means you can spend quality time with its contents)
WhatsApp keeps 6 days of backup logs plus the current msg database called msgstore.db.crypt and doesn't appear to delete media like videos, images or sounds.
It does over write the older backups so don't wait around as critical data can get overwritten. Also, current chats aren't deleted or overwritten and that can be months old. Not sure if it ever deletes old messages though.
Actually, the application itself has a terrific explanation of how its logs are handled. Describes this whole process in good detail.
I wouldn't have to know this if my wife wasn't having suspicious conversations necessitating investigation